Integration using a cross account role

Before you can use the AWS integration, you need to create an initial "master" role that allows Kubiya to access your AWS account.

Prerequisites

Before you begin, ensure that you have the following:

  • Access to the Kubiya platform.

  • Appropriate permissions to make configuration changes in AWS (IAM).

Create Role on AWS

Create a role on AWS for Kubiya to perform actions on AWS:

  1. Log in to your AWS console and navigate to the Identity and Access Management (IAM) page.

  2. Click on the Roles section.

  3. Click the Create Role button in the top right corner.

  4. In the “Select trusted entity” dialog:

    1. Select “AWS account”

    2. Select “Another AWS account”

    3. Enter the Kubiya Account ID, 564407622114, in the identifier input box

    4. Click Next

  5. In the “Policies” dialog, select the permission policies that you would like Kubiya to have, then click Next

  6. In the “Role details” dialog:

    1. Name the role. You will need this name later.

    2. Confirm the Kubiya Account ID in the JSON under “Step 1: Select trusted entities”

    3. Confirm the selected permissions under “Step 2: Add permissions”

    4. If correct, click the Create role button
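The confirmation in step 6.2 can also be done programmatically. The following is an added example, not Kubiya's or AWS's own code: it parses a role's trust policy JSON and reports any principal other than the Kubiya account ID given above. The sample policy is constructed, and the function names are hypothetical.

```python
import json
import re

KUBIYA_ACCOUNT_ID = "564407622114"  # account ID given in step 4.3 of this page

# Constructed sample: the trust policy the console shows for "Another AWS account".
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{KUBIYA_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {},
    }],
})

def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the 12-digit account ID of an AWS principal string, or None."""
    m = re.fullmatch(r"(\d{12})|arn:aws[\w-]*:iam::(\d{12}):.+", principal)
    return (m.group(1) or m.group(2)) if m else None

def check_trust_policy(policy_json, expected_account=KUBIYA_ACCOUNT_ID):
    """Return findings; an empty list means only the expected account is trusted."""
    findings, trusted = [], False
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # Covers "Principal": "*" and statements using NotPrincipal instead.
            findings.append(f"statement {i}: principal is {principal!r}, not an account")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                account = _account_of(value) if kind == "AWS" else None
                if account == expected_account:
                    trusted = True
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {value!r}")
    if not trusted:
        findings.append(f"account {expected_account} is not trusted by this policy")
    return findings

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE_POLICY) or "trust policy OK")
```

To check a role that already exists, pass in the document returned by `aws iam get-role --role-name <your-role-name> --query Role.AssumeRolePolicyDocument`.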

Enable the integration

In the Kubiya web interface, navigate to the connectors panel:

Choose AWS:

Fill in your account details based on the role you have created:

Connecting with AWS using a local runner:

This is usually an advanced option, intended for cases where you'd like to access AWS using a local runner (such as a Kubernetes cluster) with an instance profile role.

a. Uncheck SaaS Deployment

b. Select the target local runner on which to install the integration:

c. Interaction with AWS will be done through the runner tunnel. You might need to set up a role in advance that the Kubiya namespace in your Kubernetes cluster can use to obtain temporary credentials from AWS.
